2011 has offered quite a number of tough lessons for security professionals. Here at (ISC)², where security education is our focus, the close of another year raises the old teacher's question: "What have we learned, class?"

Two years after his business was a victim of ACH fraud, PATCO's Mark Patterson doubts whether most small business owners are yet aware of the risks they face. And he doesn't think the FFIEC guidance will help.

Banks and credit unions are feverishly working to meet the FFIEC's authentication compliance deadline next year. But experts say institutions should be looking beyond the guidance, by making investments in cross-channel fraud detection.

Mobile banking is a 'must-have' today, but the foray into this new financial-services arena comes with risk. Consistent review and implementation of security layers and controls is the only strategic way to tackle emerging mobile offers.

Medtronic's announcement that it's launching an "in-depth risk/benefit analysis" following an "ethical hack" of one of its insulin pumps is good news. We hope that Medtronic and all other medical device manufacturers launch long-overdue, aggressive efforts to improve medical device safeguards.

The latest guidance issued by the Federal Financial Institutions Examination Council draws a clear distinction between the types of knowledge-based authentication available - from static challenge questions, such as those derived from customer enrollment information, to dynamic KBA sessions that serve as part...